<?php 
	function processLogin($user, $pass) 
	{
		$userPass = generateHash($pass, $pass);
		$selectPassword = "SELECT password FROM customer WHERE password = '" . $userPass . "';";
		$result = mysql_query($selectPassword);
		if(!$result) {
			$message = 'Invalid Query: ' . mysql_error();
			$message .= ' | Whole Query: ' . $selectPassword;
			die($message);
		}
		
		while($row = mysql_fetch_assoc($result)){
			$dbPass = $row['password'];
		}
		if($dbPass === $userPass) {
			$SESSION['username'] = $user;
			echo "<meta http-equiv=\"refresh\" content=\"0; url= ../". $SESSION['username'] . "\" />";
		} else {
			echo "<p id=\"error\">Username or Password incorrect.</p>";
			echo "<meta http-equiv=\"refresh\" content=\"1; url= ../\" />";
		}
	}
	
	// Password salt and hash
	define('SALT_LENGTH', 9);
	function generateHash($plainText, $salt = null)
	{
		if ($salt === null)
		{
			$salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
		}
		else
		{
			$salt = substr($salt, 0, SALT_LENGTH);
		}

		return $salt . sha1($salt . $plainText);
	}
?>